Closes #607

Description

This Pull Request introduces a robust, scalable, and granular Role-Based Access Control (RBAC) authorization layer for SubTrackr. It implements resource-level wildcard matching permissions, a custom NestJS guard, an audit trail tracking database engine, and a React Native management interface.

Key Enhancements & Acceptance Criteria Met

1. Schema Evolution (Prisma v7 compliant): Configured db/migrations/schema.prisma and prisma.config.js to define models for Role, Permission, UserRole, and PermissionAuditLog utilizing PostgreSQL.
2. Wildcard Pattern Matcher: Written an algorithmic evaluation engine supporting exact and glob matches (e.g., matching *:* or subscription:* against required permissions like subscription:read).
3. Execution Pipeline Guard: Developed a custom NestJS @RequirePermission() decorator and matching PermissionGuard to block unprivileged API ingress.
4. Cascading Drop Logic (Edge Case Handling): Designed service transactional pathways where wiping custom roles cascades existing users gracefully down to a baseline Viewer scope instead of throwing orphaned reference faults.
5. Privilege Escalation Prevention: Enforced strict guardrails stopping operators from granting or generating authorization bounds that exceed their own active permissions vector.
6. Mobile Management Module: Built a clean React Native administrative panel (RoleManagementScreen) supporting multi-role profile mapping and structural updates with interactive exception parsing.

Type of Change

• New feature (non-breaking change which adds functionality)
• Database Schema Migration

Testing & Verification Steps

1. Validated syntactical compilation structures across the backend abstraction modules.
2. Verified wildcard evaluation behavior programmatically under boundary scenarios (*:*, billing:*).
3. Confirmed database transaction rollback logic behaves cleanly if cascading user assignments trigger anomalies mid-flight.

Checklist

• My code follows the code style guidelines of this project.
• I have performed a self-review of my own code.
• All new and existing components compile correctly without breaking side-effects.